Message was signed, but signature could not be verified - Shibboleth 3.3

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

Message was signed, but signature could not be verified - Shibboleth 3.3

Hi, I'm new to Shibboleth/SAML/SP so, please bear with me.

I'm trying to configure an IDP on a linux client along with a test SP (also a linux client). I've made all the necessary configuration changes and on connecting to the SP address, it redirects to the IDP for authentication and even the authentication works fine. However I get this error on the browser on logging in:


The system encountered an error at Tue Feb 21 02:54:59 2017

To report this problem, please contact the site administrator at root@localhost.

Please include the following message in any email:
opensaml::SecurityPolicyException at (https://scspr0186132001.gdl.englab.netapp.com/Shibboleth.sso/SAML2/POST)

Message was signed, but signature could not be verified.

I checked the idp-process.log and did not find anything useful other than a WARN which might be the only thing special in it:

INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:128] - Message Handler:  No metadata returned for https://scspr0186132001.gdl.englab.netapp.com/shibboleth in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
WARN [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:60] - SAMLPeerContext did not contain either a SAMLMetadataContext or a RoleDescriptor, unable to evaluate rule
INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstJAAS:246] - Profile Action ValidateUsernamePasswordAgainstJAAS: Login by 'admin' succeeded
INFO [Shibboleth-Audit.SSO:241] - 20170221T075459Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_8c9f2d795f6c29a8917bf0ff2339d73b|https://scspr0186132001.gdl.englab.netapp.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://rh7-template4.mgmt.smoke/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_001dc75b58d6736c91901b086a429d4f|admin|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport||AAdzZWNyZXQx8exmPgcC7sMi6irnJGh1axnQSbz6zy6uuj6HacTosdgEZhTM/g7VERKR9xR6I/FYic61HbB7xb0QjvYbuM9yr3EDfKXwzTlKtRvQPdDxGLRKEOmjfUYQf/sYk6sdpE2Mj0+pez/2fL0ysIgxA+8vn97QSf9DYuTr9mM6QQ==|_c5f3f55019bbb13cbb4900b71709be7e|

Does anyone have any ideas as to why this is coming up? Any resolutions?
Thanks for your time!